When does GDPR come into effect?
May 25, 2018
My company is small do I have to comply with GDPR?
The GDPR applies to all companies, regardless of their size. If you sell directly through your own website and collect customer data, you must comply. The only size-based relief in the regulation is narrow: organisations with fewer than 250 employees are exempt from keeping formal records of processing activities (Article 30), and even that exemption falls away if the processing is likely to result in a risk to the rights and freedoms of data subjects, is not occasional, or involves special categories of data. Every other obligation applies to small companies in full.
Does GDPR only apply to EU companies?
No. Any company established in the EU must comply, and so must any company outside the EU that offers goods or services to individuals in the EU or monitors their behaviour (for example by tracking them online) and collects their data. This is true whether or not the company has an office or legal entity in the EU. Note that the test is where the individuals are located, not their citizenship.
Does Brexit mean GDPR won’t apply to the UK?
No. Unlike an EU directive, which has to be transposed into national legislation, the GDPR is a regulation and takes effect directly in every member state. The UK's exit from the EU is scheduled for March 2019, after the GDPR takes effect, so UK organisations must comply from May 25, 2018. Even after the UK leaves, UK organisations that offer goods or services to, or monitor, individuals in the EU will still fall within the GDPR's territorial scope (see the previous question).
Does the GDPR apply to anonymized data?
No. Truly anonymised data is outside the scope of the GDPR, because individuals can no longer be identified from it, directly or indirectly, by any means reasonably likely to be used. Be careful with the distinction from pseudonymised data (for example, records keyed by a token that can be mapped back to a person with a separately held table): that is still personal data and remains fully in scope.
What fines can be assessed under GDPR?
Fines are tiered. For the most serious infringements (such as breaching the basic principles of processing, data subjects' rights, or the rules on international transfers) the maximum is 20 million euros or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher. For other infringements (such as failures in record-keeping, security, or breach notification) the maximum is 10 million euros or 2% of worldwide annual turnover, again whichever is higher.
What is personal data?
Personal data is any information relating to an identified or identifiable natural person. A person is identifiable if they can be singled out, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier (an IP address or cookie ID, for example), or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity. The definition is deliberately broad: data does not have to reveal someone's identity on its own to be personal data, it is enough that it can be linked to a person.
What is sensitive data?
Sensitive data is the special category of personal data that receives extra protection under the GDPR. It covers data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as health data and data concerning a person's sex life or sexual orientation. New compared with the previous directive, it now also explicitly includes genetic data and biometric data processed for the purpose of uniquely identifying a person. Processing these categories is prohibited unless one of the specific conditions in the regulation applies (for example, explicit consent).
Are sensitive data and special categories of data different?
No. Both terms describe the same type of personal data. "Special categories of personal data" is the term the regulation itself uses; "sensitive data" is the informal name for it.
What is the difference between a data controller and a data processor?
The controller determines the purposes and means of the processing, while the processor processes the data on behalf of, and on the instructions of, the controller. A company that uses a cloud provider to store customer data is the controller; the provider is the processor. Controllers carry the primary responsibility for compliance, but processors also have direct obligations under the GDPR (for example, on security and on engaging sub-processors), and the relationship must be governed by a written contract.
What is the difference between a regulation and a directive?
The GDPR is a regulation. This means it is directly applicable law in every member state, in the same text, without needing to be adopted into national legislation. A directive, by contrast, sets a result that member states must achieve, and each state transposes it into its own national law, with room for different interpretations and implementations. Under the previous directive, each country could therefore arrive at its own definition of personal data. Under the GDPR, personal data has a single definition across the EU: the definition is broad, but it is the same everywhere.
My company has self-certified to the EU-US Privacy Shield Framework are we GDPR compliant?
Not on its own. The Privacy Shield addresses one aspect of the regulation: it provides a legal basis for transferring personal data from the EU to the United States. It does not cover the rest of your GDPR obligations, such as having a lawful basis for processing, honouring data subjects' rights, keeping records, or notifying breaches. There are also significant differences in how the United States and the EU approach privacy, and the GDPR brings changes not only for the organisations that process personal data but quite possibly for the EU-US Privacy Shield arrangement itself. Discussions are still under way, so the issue should be monitored closely.
Updated: May 2018
If you still have further queries, please visit the EU GDPR website at: https://www.eugdpr.org/eugdpr.org.php